Challenges Faced by Developing Countries

Tremendous technological advancements have been made in the healthcare field in the last ten years. While most developing countries have now acquired the technological know-how which was first only reserved for the developed countries, unfortunately developing countries still lag far behind in the race of securing the privacy of patients [19]. Due to a myriad of challenges present in developing countries, the personally identifiable information of patients is not secure. The lack of a coherent healthcare system which ensures the privacy of an individual affects the level of treatment meted out to patients. Protecting the integrity of a patient’s data ensures that a patient is comfortable to reveal accurate information. The challenges faced by developing countries are:

Data Storage and Management

The papers [20-24] state that the establishment of a healthcare privacy system entails secure data storage and management. Healthcare data must be encrypted to ensure confidentiality. The management of and access to data should be restricted and logs must be maintained. The secure management of information entails significant administrative overhead for which qualified individuals must be employed. Healthcare information needs to be constantly updated and maintained. The type of data storage used, centralized or distributed, should also be taken into consideration. In huge countries which are split into states for better management, should healthcare data be stored centrally or stored locally? Many times, data would need to be shared between states to combat a ubiquitous disease in real-time. The management of such a data repository requires considerable overhead. The type of data storage employed must be carefully worked out. Healthcare data management is a sensitive task. The leakage of personally identifiable information can be devastating for a patient. Should a third-party company be employed to transfer the risk of leakage or should the government of the country itself oversee the data management ? In most cases, developing countries don’t have the resources to employ all the mechanisms and technologies needed to make storage and management secure. The establishment of a privacy policy in writing but without any implementation results in more confusion and chaos which inevitably leads to the leakage of information.

Data Sharing

In Refs. [20, 25], the secure sharing of healthcare data between patients and healthcare providers or insurance companies must be facilitated by a nation’s healthcare privacy policy. A system must be set in place to ensure data shared does not lead to the identification of the patient. A data use agreement must be enforced, and the patient’s consent must be taken before data can be shared. Data which are shared must be encrypted and anonymized. The access to these data must be restricted. To ensure secure data sharing and exchange, a policy must be set in place which specifically points out the penalty for the violation of any clause of the policy. To ensure secure data sharing there must be a harmonization of guidelines and regulations enforced by the country. In most developing countries, the establishment of a clear, coherent law which enables the sharing of healthcare data is absent, instead having multiple contractual obligations in its place which only serve to alleviate issues on paper and not in reality.

Prevalent Indifference and Red-Tape

In Ref. [26], complacency and indifference towards bringing in legislation which establishes a robust healthcare system are widespread. While healthcare is given importance, the privacy of the individual takes a backseat. However, with identity theft and cybercrime at an all-time high, the privacy and security of healthcare records must be focused on. Politics and red-tape almost always succeed, which leaves progress faltering for years on end. Politicians make promises to win elections but do absolutely nothing to fulfil them once elected. The work, planning, cooperation and communication required amongst multiple departments to make the privacy and security of healthcare in developing countries a success are gargantuan.

However, due to negligence, the likelihood of a privacy model being implemented is poor. Red-tape must be removed to ensure an efficient, scalable and secure healthcare system.

Infrastructure

As suggested in Refs. [27,28], infrastructure plays a critical role in the security of the healthcare system. The defence-in-depth concept should be utilized instead of a single security control while developing the healthcare system to prevent unauthorized access. Developing countries must be ready to completely overhaul their healthcare system to integrate security and privacy mechanisms. In some cases where integration is not possible, the infrastructure would have to be built from the ground up. The infrastructure must be scalable, easily accessible and dynamic. A proper healthcare privacy protocol and structure must be defined, taking into consideration the urban and rural population. The infrastructure should be easy to use but at the same time secure. The sharing, storage and management of data hinge on a secure infrastructure. The development and integration of a new privacy healthcare infrastructure in a developing country require inputs from the top minds in various fields, viz. security, healthcare, privacy, all working together to ensure that the system is robust. This may require international experts as well. The cost of planning the infrastructure is also significant which must be taken into consideration. The infrastructure must support interoperability and availability to ensure privacy is maintained for every patient.

Population

The population plays a significant role in the efficiency of healthcare privacy in a country. The larger the population, the harder it is to implement a policy which effectively secures privacy for all. With almost every developing country suffering from population explosion, ensuring the privacy of every citizen becomes a hard task. Errors in data entry where the healthcare information of one individual is stored under another person’s name or multiple people having the same name lead to confusion, data inconsistency and affects the level of treatment meted out. Establishing a privacy policy on paper and implementing a policy which is scalable and dynamic enough to provide reliable security is immensely hard.

Budgetary Constraints

The cost of implementing a privacy system is huge and requires continuous funding from the government for upkeep, maintenance and upgrades against new-age cyberattacks. The development and planning require specialists in the fields of healthcare, security, privacy and architecture to help implement a model which effectively secures the privacy of personally identifiable information. Building the actual infrastructure may have to be outsourced to third-party companies. The management, storage and exchange of data may be facilitated by companies overseas. The unseen costs while implementing a privacy model for a whole country are huge. Most developing countries don’t possess the adequate budget necessary to implement a healthcare privacy system [29]. The lending of money by other countries to facilitate development leads to huge debt which affects the country’s long-term growth. Taking the help of another country’s physical resources, such as servers, may lead to the leakage of information and the threat of snooping. Thus developing countries find it immensely onerous to implement a privacy system.

Culture and Literacy Rate

The culture prevalent in every country is unique [30, 31]. A country like India has a vast number of dialects, with each region speaking a different language. Thus the implementation of a privacy model in one language or dialect would not suffice. Automating the conversion of healthcare reports from one language to another may lead to discrepancies and incorrect information. In many cultures, the disclosure of sensitive personal information is looked down upon. This may be due to tradition, insufficient trust between patients and healthcare providers or fear of ostracization. Eliminating the stigma associated with the disclosure of sensitive healthcare information to healthcare providers would improve the level of treatment meted out and reduce fatalities. Due to inaccurate disclosure, research and statistics of treatment given then don’t match the records. The literacy rate present in a region also plays an immense role in the success of a healthcare system. The literate realize the need for a reliable and efficient healthcare system. Strong health literacy enables people to develop the skills and confidence to make informed decisions about their health and the health of their families, to be active partners in their care, to effectively navigate healthcare systems and to advocate effectively to their political leaders and policy-makers.

Cyber-Attacks

Cyber-attacks against healthcare systems are increasing at an alarming rate. Attacks are increasing not only in number but also in sophistication [32, 33]. Hackers target healthcare data due to easy access because of insufficient security controls. Comprehensive medical records can sell on the black market for huge sums since they can be used to create fake IDs to buy drugs or file fake insurance claims. The prevalence of identity theft is also worrisome. In many cases, healthcare providers share data with third parties who aren’t as secure as the providers themselves. Hackers target these third parties to steal and modify sensitive data. In some cases, hackers pose as legitimate healthcare providers to trick patients into revealing their healthcare data. Social engineering is widespread and can only be prevented by user awareness. Denial of service (DOS) attacks and distributed denial of service (DDOS) attacks exhaust the network resources available and prevent legitimate healthcare providers from accessing, sending, receiving and entering medical records. Implementing a healthcare system which can resist such attacks is extremely hard and requires constant maintenance, upgrades and monitoring. The development and execution of such a system require substantial money, resources and manpower.

State-Sponsored Surveillance

Surveillance and abuse of privacy are quickly climbing the policy agendas of developing countries [34]. National identification systems, DNA databases and biometric systems have all given rise to significant political debates, with activists up in arms. Due to this opposition, laws are tweaked, regulators and third parties are brought in to oversee the system and courts are called upon to judge compliance with constitutional provisions. However, all of this rarely affects the real intention of state-sponsored snooping and surveillance. Advocacy groups, media organizations, regulators and judiciaries, where they exist, are less equipped to engage in these complex technology privacy policy discussions. Even the policy-makers themselves may be unable to cope with the complexities. Developing countries are usually associated with the weak economic status tag, but when it comes to the adoption of surveillance policies, many developing countries are implementing vastly more sophisticated surveillance systems than exist in the developed world. One might then ask, how can a government hell-bent on snooping into every activity of its citizens be trusted with handling sensitive healthcare information? By ignoring privacy and security concerns, new risks are being introduced to already vulnerable patients, potentially leading to increased stigma, social exclusion or persecution. In some developing countries, practices and systems are being overhauled but with little importance given to security and privacy. It seems that privacy of healthcare data is a luxury only present in developed countries.

Privacy as a Constitutional Right

The majority of developing countries have privacy stated as a fundamental right in their constitutions. Article 12 of the Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with his privacy. Yet, the privacy and security of an individual’s personally identifiable information are constantly undermined and shared without consent. The absence of a strategy and framework, however, to enforce the privacy of healthcare data is worrying and must be focused on.

Internal and External Threats

Most of the healthcare systems in the world partner with various external centres such as diagnostics, insurance and laboratories for the smooth working of the entire system, but involving so many layers can lead to many built-in flaws, making the system vulnerable to attacks and giving various actors in play a chance to access the data for misuse. Different centres that get involved during the course many times fail to flawlessly integrate their security systems, therefore leading to many security loopholes which can be easily noticed and exploited by anybody who accesses the system.

Data Breaching

In Ref. [35], data breaching refers to the intentional or unintentional release of private information to an untrusted environment. Because all the healthcare dataset has now been shifted to cloud servers and is accessible on the Internet, the data have become less secure and are prone to more threats through the server, allowing third parties to access the data and misusing them, like copying them and sending to someone or making unauthorized changes.

Consent Management

To access the records of any individual, one person needs to have the consent of the patient as well as that of the doctor treating the patient. This ensures that the private records are available to only those who have been authorized and authenticated. The challenge to act out this procedure is to ensure that the consent is not being faked and has been given by the patient and doctor. In cases like these, it is very easy to impersonate a member involved, jeopardizing the patient’s privacy. Proper methods and tools need to be used to incorporate this without any security threat.

Trusting the Third Party

In Ref. [31], hospitals use third parties to authorize the user and authenticate the data; as to who can access the data and how much, it needs to be guaranteed that the third party is operating without any bias and that, even with the authority to control the data, it does not get the power to manipulate them and exploit them.

Improper Human Resource Management

As written in an article in Home Business titled “8 Challenges Faced by Healthcare in India,” in a country like India, the difference between the healthcare structure of the rural and urban areas is massive. The management to train employees and provide services is lacking in rural areas; nonetheless even the doctors and nurses from these areas wish to move to bigger and more developed areas for better career exposure. Another point lacking in human resource management is the education system. With the Internet taking over the world and all the hospitals shifting to cloud server databases, there needs to be proper protocol followed while accessing the data; one step gone wrong can put every user’s privacy at risk. Therefore, the management needs to educate their employees on the accurate use of the system.

Conclusion

Privacy in healthcare is an absolute necessity to keep the patient’s healthcare data confidential and secure. Strict policies and robust systems are the need of the hour to protect patient data from exploitation and misuse. Healthcare inventions and technologies which help improve patient care and improve longevity and standard of life are emerging at breakneck speed. However, in most of these advancements, the security and privacy of patient information are compromised. The security of patient data ensures hackers can’t steal identities or manipulate healthcare records and builds trust between the patient and the system. This chapter explores the privacy policies present in countries along with the pros and cons of their policies. It further explores the challenges and problems faced by developing countries while trying to establish a uniform, robust policy throughout the country and, finally, searches for possible models which may serve as a solution to the patient privacy issues in developing countries.

References

• 1. Vora, J., DevMurari. P.. Tanwar, S., Tyagi, S.. Kumar. N.. & Obaidat. M. S. (2018). Blind signatures based secured e-healthcare system. In 2018 International Conference on Computer, Information and Telecommunication Systems (CITS) (pp. 1-5). IEEE. https://doi.org/10.1109/CITS.2018.8440186.
• 2. Pussewalage, H. S. G., & Oleshchuk, V. A. (2016). Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions. International Journal of Information Management, 36(6), 1161-1173. https://doi.Org/10.1016/j.ijin fomgt.2016.07.006.
• 3. Senthilkumar, S. A., Rai, В. K., Meshram, A. A., Gunasekaran, A., & Chandrakumarmangalam, S. (2018). Big data in healthcare management: A review of literature. American Journal of Theoretical and Applied Business, 4, 57-69. https://do i.org/10.11648/j.ajtab.20180402.14.
• 4. L. Sweeney. (2002). k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 557-570. https://doi.org/10.1142/S0218488502001648.
• 5. Sweeney, L.. (2018). Simple demographics often identify people uniquely. Carnegie Mellon University. Journal contribution. https://doi.Org/10.l 184/Rl/6625769.vl.
• 6. Xu. L., Jiang, C., Chen. Y.. Ren. Y.. & Liu. K. R. (2015). Privacy or utility in data collection? A contract theoretic approach. IEEE Journal of Selected Topics in Signal Processing, 9(7). 1256-1269. https://doi.org/10.1109/JSTSP.2015.2425798.
• 7. Chiauzzi, E., Rodarte, C. & DasMahapatra, P. (2015). Patient-centered activity monitoring in the self-management of chronic health conditions. BMC Medicine, 13, 77. https://doi.org/10.1186/sr2916-015-0319-2.
• 8. Pritts, J. (2008). The importance and value of protecting the privacy of health information: Roles of HIPAA privacy rule and the common rule in health research. Institute of Medicine.
• 9. Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule: Nass SJ. Levit LA, Gostin LO. editors. (2009). Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Washington. DC: National Academies Press. 2, The Value and Importance of Health Information Privacy. Available from: https://www.ncbi.nlm.nih.g0v/b00ks/N ВК9579/.
• 10. U.S. Department of Health & Human Services Office for Civil Rights. Privacy, security, and electronic health records, https://www.hhs.gov/sites/default/files/ocr/privacy /hipaa/understanding/consumers/privacy-security-electronic-records.pdf?language =en.
• 11. Nigeria Health let Phase 2 Field Assessment Findings, http://ict4somlnigeria.info/wp -content/uploads/2016/03/Nigeria-Health-Data-Security-Guide.pdf.
• 12. Pishchita A. N. (2013). Legal maintenance of patient data confidentiality in the Russian federation. In Beran R. (eds.). Legal and Forensic Medicine. Berlin, Heidelberg: Springer.

• 13. Gong, M, Wang, S., Wang, L., Liu, C., Wang, J., Guo, Q., Zheng, H., Xie, K., Wang, C., & Hui, Z. (2020). Evaluation of privacy risks of patients’ data in China: Case study. JMIR Medical Informatics, 8(2), el3046. https://doi.org/10.2196/13046.
• 14. Kim. H.. Kim, S. Y., & Joly, Y. (2018). South Korea: In the midst of a privacy reform centered on data sharing. Human Genetics, 137(8), 627-635. https://doi.Org/10.1007/s 00439-018-1920-1.
• 15. Lee, D., Park, M., Chang, S., & Ко, H. (2019). Protecting and utilizing health and medical big data: Policy perspectives from Korea. Healthcare Informatics Research, 25(4), 239-247.
• 16. A. Salehi Shahraki, C. Rudolph and M. Grobler.(2019). A dynamic access control policy model for sharing of healthcare data in multiple domains. In 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/ BigDataSE), Rotorua, New Zealand (pp. 618-625), doi: 10.1109/TrustCom/ BigDataSE.2019.00088.
• 17. T. Bhattasali and K. Saeed. (2014). Two factor remote authentication in healthcare. In International Conference on Advances in Computing, Communications and Informatics (ICACCI), New Delhi (pp. 380-386), doi: 10.1109/ICACCI.2014.6968594.
• 18. L. Rostad and O. Edsberg. (2006). A study of access control requirements for healthcare systems based on audit trails from access logs. In 22nd Annual Computer Security Applications Conference (ACSAC'06), Miami Beach, FL (pp. 175-186), doi: 10.1109/ ACSAC.2006.8.
• 19. Raul, A. C. (Ed.). (2018). The Privacy, Data Protection and Cybersecurity Law Review. Law Business Research Limited.
• 20. Wadhwa, R., Mehra, A., Singh, P„ & Singh, M. (2015). A pub/sub based architecture to support public healthcare data exchange. In 2015 7th International Conference on Communication Systems and Networks (COMSNETS) (pp. 1-6). IEEE.
• 21. Manogaran G., Thota C., Lopez D., Vijayakumar V., Abbas К. M., & Sundarsekar R. (2017). Big data knowledge system in healthcare. In Bhatt C., Dey N., & Ashour A. (eds.), Internet of Things and Big Data Technologies for Next Generation Healthcare. Studies in Big Data (vol. 23). Cham: Springer.
• 22. Deshmukh, P. (2017). Design of cloud security in the EHR for Indian healthcare services. Journal of King Saud University-Computer and Information Sciences, 29(3), 281-287.https://doi.org/10.1016/j.jksuci.2016.01.002.
• 23. Manogaran, G., Thota, C., Lopez, D., & Sundarasekar, R. (2017). Big data security intelligence for healthcare industry 4.0. In Cybersecurity for Industry 4.0 (pp. ЮЗ- 126). Cham: Springer, https://doi.org/10.1007/978-3-319-50660-9_5.
• 24. Senthilkumar S. A., Bharatendara К Rai, Amruta A Meshram, Angappa Gunasekaran, Chandrakumarmangalam S. Big data in healthcare management: A review of literature. American Journal of Theoretical and Applied Business, 4(2), 57-69. doi: 10.11648/j. ajtab.20180402.14.
• 25. C. Esposito, A. De Santis, G. Tortora, H. Chang and K. R. Choo. (2018). Blockchain: A panacea for healthcare cloud-based data security and privacy?. IEEE Cloud Computing, 5(1), 31-37, doi: 10.1109/MCC.2018.011791712.
• 26. Kagalwalla, N., Garg, T., Churi, P„ & Pawar, A. (2019). A survey on implementing privacy in healthcare: An indian perspective. International Journal of Advanced Trends in Computer Science and Engineering, 8(3), 963-682.
• 27. Sreenu, N. (2019). Healthcare infrastructure development in rural India: A critical analysis of its status and future challenges. British Journal of Healthcare Management, 25(12), 1-9.

• 28. Mittal, Y. K., Paul, V. K., Rostami, A., Riley, M., & Sawhney, A. (2020). Delay factors in construction of healthcare infrastructure projects: A comparison amongst developing countries. Asian Journal of Civil Engineering, 21, 649-661.
• 29. Roger Strasser, Sophia M. Kam, & Sophie M. Regalado. (2016). Rural health care access and policy in developing Countries. Annual Review of Public Health, 37(1), 395-412.
• 30. Kiyomu Ishikawa. (2001). Health data use and protection policy; based on differences by cultural and social environment. International Journal of Medical Informatics, 60(2), 119-125.
• 31. Shrestha. N. M.. Alsadoon, A.. Prasad. P. W. C„ Hourany, L„ & Elchouemi, A. (2016). Enhanced e-health framework for security and privacy in healthcare system. In 6th International Conference on Digital Information Processing and Communications (ICDIPC) (pp. 75-79). IEEE.
• 32. Sun, Z., Strang, K. D., & Pambel, F. (2018). Privacy and security in the big data paradigm. Journal of Computer Information Systems, 60(2), 146-155.
• 33. Martin Guy, Martin Paul, Hankin Chris, Darzi Ara, & Kinross James. Cybersecurity and healthcare: How safe are we? BMJ, 358, j3179.
• 34. Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en/opc-actions -and-decisions/research/explore-privacy-research/201 l/hosein_201109/#archived.
• 35. Rana, M. E„ Kubbo, M., & Jayabalan, M. (2017). Privacy and security challenge towards cloud-based access control. Asian Journal of Information Technology, 16(2— 5), 274-281.

hup:.‘VLuy I urundfr-ei гю s.curn

13 The Role of Law in